https://issues.apache.org/bugzilla/show_bug.cgi?id=44956
--- Comment #1 from [EMAIL PROTECTED] 2008-05-13 07:49:14 PST ---
I'd like Raul to comment on this one, since I think this is part of his
performance improvement changes. It seems that if we just removed line 123
of KeyInfo.java, it would fix the problem:
_storageResolvers.add(null);
If there is a simple, low-risk fix then I am open to adding this to 1.4.2.
(In reply to comment #0)
> We are having problems with an org.apache.xml.security.signature.XMLSignature
> instance creation in a multi-threaded environment: sometimes an
> ArrayIndexOutOfBoundsException is thrown:
>
> java.lang.ArrayIndexOutOfBoundsException: 38
> at java.util.ArrayList.add(Unknown Source)
> at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
> ...
>
> The XMLSignature constructor being used is:
> public XMLSignature(Element element, String BaseURI)
>
> Looking further at the sources I found out that:
> 1. The KeyInfo constructor being invoked by the XMLSignature constructor must
> be public KeyInfo(Element element, String BaseURI) (XMLSignature:297).
> 2. The exact line producing the exception must be _storageResolvers.add(null)
> (KeyInfo:123).
> 3. Upon the creation, the _storageResolvers variable of *each* KeyInfo
> instance
> holds a reference to the *single* static nullList variable (KeyInfo:1067).
> Thus, adding null to that list effectively modifies the single shared
> ArrayList
> instance, while concurrent access and structural modifications of an ArrayList
> instance are not allowed.
> 4. The entire _storageResolvers.add(null) statement seems to be useless and
> probably could be simply removed.
> 5. IMHO, such a strange invention :) as that nullList should be evaluated and
> probably removed as well.
>
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
